General

  • Target

    SC INSTRUCTION INVOICE.exe

  • Size

    1.0MB

  • Sample

    250414-fwfl3szjw7

  • MD5

    b45df79655f1d3f12ee75d440f5b0202

  • SHA1

    2a9433415f33855946993f2269567dc8a77079d6

  • SHA256

    664816d292abbaafa018c7ef1991f256b5c9e14d2337259f722838fe534c6a52

  • SHA512

    248d9837a100d4cd39032a0d8d6122d303762bba1d09b2568a4b89dde17007dbae8848d7b93552a1dd0d5d2c9fc7e3079662a8cfee7ed192fd8fd7a2705067a8

  • SSDEEP

    24576:5Bx339q99MY+LJ0qp36bhTcfhfGiOm8eVZOzCaGsmtBT:3h499MYmJ0OUhw8Re2mNDT

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
